I've made a "members' area" on my website. I was wondering if there is a better way to protect it. At present I use .htaccess to completely protect the directory. When a member is verified a cookie is set with a random number, and the same number is logged in a file on the server. Users use a script called read.cgi to fetch pages from the protected directory (using GET in the obvious way). read.cgi always checks the cookie against the file on the server before retrieving a page.

Any better ideas would be much appreciated.

p.s. If anybody thinks my script would be useful, they're welcome to a copy.